I need help, I picked up some malware!


  • Joined: 28 Oct 2014
  • Posts: 140

Posted: 10 Aug 2020 21:29

I wouldn't say FRST worked properly, because during the deletion the program froze on its own with the message (Not responding) and stayed that way for about 2 hours, so I restarted the computer and got a notification that the deletion had supposedly succeeded and that I have to restart the PC again, along with the report that I sent you. Now, whether the program did its job, believe me, I don't know, nor why it froze! I used FRST 64, because I use the 64-bit version of Windows!

Addendum: 10 Aug 2020 21:34

That ScrSnap is not in Control Panel, I don't see it, because, as I said at the beginning, right at the time of the infection I deleted all those installed programs with Revo Uninstaller using the (Advanced) option. Here, I'll show you in a picture that I don't see it; probably some traces of that program were left behind.




Addendum: 10 Aug 2020 21:47

Here it is in a picture so you can see: it gets stuck and won't finish, I can't even close it through Task Manager, I have to restart the PC, but this time it supposedly did create the fixlog successfully.


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8358
  • Location: Novi Beograd

Never mind, FRST removed it. But we are still fighting.

Download TDSSKiller, save the tool to the Desktop and double-click TDSSKiller.exe to run it.
In the "End user Licence Agreement" dialog, click Accept.
Also, in the "KSN Statement" dialog, click Accept.


Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)

  • Joined: 28 Oct 2014
  • Posts: 140

helen1 ::Never mind, FRST removed it. But we are still fighting.

Download TDSSKiller, save the tool to the Desktop and double-click TDSSKiller.exe to run it.
In the "End user Licence Agreement" dialog, click Accept.
Also, in the "KSN Statement" dialog, click Accept.


Click the Start Scan button.

If suspicious items (Suspicious object) are detected, the default action is Skip; click Continue.
If malicious objects (Malicious objects) are detected, choose the Cure option.

Post the contents of the log from the following location:
C:\TDSSKiller_program version_DD.MM.YY_HH.MM.SS.txt
(DD-day, MM-month, YY-year, HH-hour, MM-minute, SS-second; the date and time when the log was created)


Here, there are two logs:


  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8358
  • Location: Novi Beograd

Scan and post new FRST logs for me.

  • Joined: 28 Oct 2014
  • Posts: 140

helen1 ::Scan and post new FRST logs for me.

Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-08-2020
Ran by Win7 (administrator) on WIN7-PC (Gigabyte Technology Co., Ltd. P85-D3) (11-08-2020 23:48:12)
Running from C:\Users\Win7\Downloads
Loaded Profiles: Win7
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <6>
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Solid State System Co., Ltd. -> SSS) C:\Windows\System32\AudioDeviceService.exe
(Solid State System) [File not signed] C:\Program Files (x86)\MARVO HG9055 Driver\MARVO HG9055 Driver.exe
(Windscribe Limited -> Windscribe Limited) C:\Programi\Windscribe\WindscribeService.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [176472 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation -> Intel Corporation)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [D3DOverrider] => "C:\Users\Win7\Downloads\PES2017 NO LAG\D3DOverrider\D3DOverriderWrapper.exe" /s
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [MARVO HG9055 Driver] => C:\Program Files (x86)\MARVO HG9055 Driver\MARVO HG9055 Driver.exe [11099032 2020-01-02] (Solid State System) [File not signed]
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\Run: [Opera Browser Assistant] => C:\Users\Win7\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3126296 2020-08-05] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\...\MountPoints2: {0ecad849-e776-11e5-a4fd-806e6f6e6963} - E:\DVDSetup.exe
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {107C016D-629A-4302-B979-F2AD1C16EED9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [569416 2016-02-23] (Apple Inc. -> Apple Inc.)
Task: {1B10449C-6B0D-47B9-965D-29DAD87BBD03} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_pepper.exe [1471032 2020-07-15] (Adobe Inc. -> Adobe)
Task: {254D8B93-B304-4680-BC33-38DD8E44CE1F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2571704 2020-02-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {38B281F7-A2CA-40AD-8868-B23FAA098FA4} - System32\Tasks\{493C36DF-A38A-4CC1-B703-0A83249A546B} => C:\Windows\system32\pcalua.exe -a "D:\Igre\Battlefield 3™\__Installer\vc\vc2008sp1\redist\vcredist_x64.exe" -d "D:\Igre\Battlefield 3™\__Installer\vc\vc2008sp1\redist"
Task: {6F12F8DC-C22C-4E58-80A3-7CD11DEAD830} - System32\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {7BCE4BC4-A1FA-4D25-9496-1F7BD2F2B896} - System32\Tasks\Opera scheduled Autoupdate 1576022251 => C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe [1509400 2020-07-27] (Opera Software AS -> Opera Software)
Task: {81D520A2-BD1B-4CD3-A07C-42982FACC924} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3325520 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {98E25565-E035-46FF-9E5F-8DB8FDF71E79} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
Task: {A6EB4D90-7F21-40A4-B45F-6B66121CD80E} - System32\Tasks\{B39A65C2-648C-43E0-AD55-18EF429E9036} => C:\Windows\system32\pcalua.exe -a "C:\Users\Win7\Downloads\Crysis repack Mr DJ\Redist\dxwesetup.exe" -d "C:\Users\Win7\Downloads\Crysis repack Mr DJ\Redist"
Task: {B8B6F546-0AA8-453C-BCF9-1961AE3C78B3} - System32\Tasks\{39EDDACF-08FF-4AA5-B603-3D0FEEA97C0D} => C:\Windows\system32\pcalua.exe -a C:\Users\Win7\Downloads\HeSuVi_2.0.0.1.exe -d C:\Users\Win7\Downloads
Task: {C5E0486E-16D3-4A04-B158-8B6062BC7E80} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_403_Plugin.exe [1475640 2020-07-15] (Adobe Inc. -> Adobe)
Task: {E06E2EFC-291D-43E0-8430-04FEFB0230ED} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [1724928 2019-12-17] () [File not signed]
Task: {E213F134-C054-4D0A-BAC6-EF2EA72221EA} - System32\Tasks\Opera scheduled assistant Autoupdate 1581091594 => C:\Users\Win7\AppData\Local\Programs\Opera\launcher.exe [1509400 2020-07-27] (Opera Software AS -> Opera Software)
Task: {E3DEB627-844D-480F-A75B-F77F32D3622D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {E459871C-5E46-4292-9FA6-E722AEEB2E4E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1336400 2020-07-08] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\Windows\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-4024489933-1853363021-3339780435-1000] => http=127.0.0.1:8888
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0B7D66C4-A5D8-454B-B905-9E7D3A6BFC8A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{DE7B5564-543C-4F20-9C5D-11A993C24EE2}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKU\S-1-5-21-4024489933-1853363021-3339780435-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-xl/?ocid=iehp
SearchScopes: HKLM-x32 -> DefaultScope value is missing
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Windows -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 523o2192.default
FF ProfilePath: C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default [2020-08-11]
FF Homepage: Mozilla\Firefox\Profiles\523o2192.default -> hxxps://www.google.ba/
FF Extension: (AdBlocker Ultimate) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\adblockultimate@adblockultimate.net.xpi [2020-07-18]
FF Extension: (Firefox Homepage) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\cehomepage@mozillaonline.com.xpi [2020-08-06] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (Addons Manager) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\cpmanager@mozillaonline.com.xpi [2020-08-06] [UpdateUrl:hxxps://addons.firefox.com.cn/chinaedition/addons/updates.json?reqVersion=%REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion=%ITEM_MAXAPPVERSION%&status=%ITEM_STATUS%&appID=%APP_ID%&appVersion=%APP_VERSION%&appOS=%APP_OS%&appABI=%APP_ABI%&locale=%APP_LOCALE%&currentAppVersion=%CURRENT_APP_VERSION%&updateType=%UPDATE_TYPE%&compatMode=%COMPATIBILITY_MODE%]
FF Extension: (TubeBuddy) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\e389d8c2-5554-4ba2-a36e-ac7a57093130@gmail.com.xpi [2020-08-09]
FF Extension: (Enhancer for YouTube™) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\enhancerforyoutube@maximerf.addons.mozilla.org.xpi [2020-06-18]
FF Extension: (Tags for YouTube™) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\jid0-cBh0nRMLV5BY1dlp33s3g7dFXLY@jetpack.xpi [2020-06-30]
FF Extension: (YouTube Plus) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\particle@particlecore.github.io.xpi [2017-12-08]
FF Extension: (Restore Old Theme of YouTube) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\restore.old@youtube.now.xpi [2020-06-15]
FF Extension: (uBlock Origin) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\uBlock0@raymondhill.net.xpi [2020-08-10]
FF Extension: (YouTube™ Stop Buffer) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{545bf194-8006-4166-9732-375f517e35fb}.xpi [2020-08-06]
FF Extension: (YouTube Tags) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{9d063afe-a167-4cf3-ad71-ed1204a2339f}.xpi [2020-08-09]
FF Extension: (Greasemonkey) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2019-06-13]
FF Extension: (YouTube Flash Video Player) - C:\Users\Win7\AppData\Roaming\Mozilla\Firefox\Profiles\523o2192.default\Extensions\{f3bd3dd2-2888-44c5-91a2-2caeb33fb898}.xpi [2018-01-21]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_403.dll [2020-07-15] (Adobe Inc. -> )
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_403.dll [2020-07-15] (Adobe Inc. -> )
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1235205.dll [2019-03-15] (Adobe Systems, Inc.) [File not signed]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Programi\VLC\npvlc.dll [2016-04-26] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-12] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\eset_security_config_overlay.js [2020-08-06]

Opera:
=======
OPR Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnmpcagpplmpfojmgmnngilcnanddlhb [2020-05-10]
OPR Extension: (Install Chrome Extensions) - C:\Users\Win7\AppData\Roaming\Opera Software\Opera Stable\Extensions\kipjbhgniklcnglfaldilecjomjaddfi [2019-12-31]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-07-15] (Adobe Inc. -> Adobe)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-12] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3673680 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3406416 2020-05-05] (Adobe Inc. -> Adobe Systems, Incorporated)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] (Giga-Byte Technology -> )
R2 AudioDeviceService; C:\Windows\system32\AudioDeviceService.exe [2746776 2020-01-02] (Solid State System Co., Ltd. -> SSS)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7002120 2020-03-23] (BattlEye Innovations e.K. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2020-02-07] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [6970968 2020-08-06] (Malwarebytes Inc -> Malwarebytes)
S3 mracsvc; C:\Windows\System32\mracsvc.exe [18953880 2019-09-21] (Mail.Ru LLC -> LLC Mail.Ru)
S3 PAExec; C:\Windows\PAExec.exe [189112 2017-08-17] (Power Admin LLC -> Power Admin LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-03-19] (Even Balance, Inc. -> )
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [30224 2019-07-04] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [File not signed]
S3 uncheater_bgl; C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe [2097008 2019-12-10] (Wellbia.com Co., Ltd. -> Wellbia.com Co., Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
R2 WindscribeService; C:\Programi\Windscribe\WindscribeService.exe [493232 2019-01-19] (Windscribe Limited -> Windscribe Limited)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] (Giga-Byte Technology -> )
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2020-08-06] (Malwarebytes Corporation -> Malwarebytes)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [216056 2020-08-10] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [196456 2020-08-11] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [73368 2020-08-11] (Malwarebytes Inc -> Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248968 2020-08-06] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [120432 2020-08-11] (Malwarebytes Inc -> Malwarebytes)
S3 mracdrv; C:\Windows\System32\drivers\mracdrv.sys [18189864 2019-09-21] (Mail.Ru LLC -> LLC Mail.Ru)
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [309760 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [120288 2019-06-13] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42064 2017-03-01] (AnchorFree Inc -> Anchorfree Inc.)
S3 tapprotonvpn; C:\Windows\System32\DRIVERS\tapprotonvpn.sys [35768 2019-12-13] (ProtonVPN AG -> The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [45560 2018-07-06] (Windscribe Limited -> The OpenVPN Project)
R3 UAExt; C:\Windows\System32\DRIVERS\UAExt.sys [162832 2020-01-02] (Solid State System Co., Ltd. -> Solid State System.)
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21584 2013-05-06] (Giga-Byte Technology -> )
R3 VBAudioVACMME; C:\Windows\System32\DRIVERS\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2018-11-18] (Vincent Burel -> Windows (R) Win 7 DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Windows -> Microsoft Corporation)
S3 XSplit_Dummy; C:\Windows\System32\drivers\xspltspk.sys [26200 2015-05-25] (Splitmedialabs Limited -> SplitmediaLabs Limited)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 Housvnlru; \??\C:\Windows\system32\Housvnlru.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-11 23:48 - 2020-08-11 23:48 - 000024124 _____ C:\Users\Win7\Downloads\FRST.txt
2020-08-11 23:46 - 2020-08-11 23:46 - 000196456 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2020-08-11 23:46 - 2020-08-11 23:46 - 000120432 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2020-08-11 23:46 - 2020-08-11 23:46 - 000073368 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2020-08-11 23:46 - 2020-08-11 23:46 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2020-08-11 23:46 - 2020-08-11 23:46 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\IGDump
2020-08-11 02:19 - 2020-08-11 02:20 - 000216786 _____ C:\TDSSKiller.3.1.0.28_11.08.2020_02.19.47_log.txt
2020-08-11 02:15 - 2020-08-11 02:15 - 000005512 _____ C:\TDSSKiller.3.1.0.28_11.08.2020_02.15.31_log.txt
2020-08-11 02:14 - 2020-08-11 02:14 - 000000000 ____D C:\TDSSKiller_Quarantine
2020-08-11 02:09 - 2020-08-11 02:14 - 000431224 _____ C:\TDSSKiller.3.1.0.28_11.08.2020_02.09.37_log.txt
2020-08-11 02:09 - 2020-08-11 02:09 - 005054744 _____ (AO Kaspersky Lab) C:\Users\Win7\Downloads\tdsskiller.exe
2020-08-10 16:41 - 2020-08-10 16:41 - 000216056 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2020-08-09 23:27 - 2020-08-09 23:27 - 002296320 _____ (Farbar) C:\Users\Win7\Downloads\FRST64.exe
2020-08-09 02:40 - 2020-08-09 02:40 - 000037406 _____ C:\Users\Win7\Downloads\187727-pirates.of.the.caribbean.dead.man_s.chest.2006.720p.brrip.x264.yify.zip
2020-08-09 01:53 - 2020-08-09 17:29 - 000000000 ____D C:\Users\Win7\Downloads\FRST-OlderVersion
2020-08-06 18:48 - 2020-08-06 18:48 - 000000000 ____D C:\Users\Win7\AppData\Local\Targem
2020-08-06 17:39 - 2020-08-06 17:39 - 000248968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2020-08-06 17:39 - 2020-08-06 17:39 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2020-08-06 17:39 - 2020-08-06 17:39 - 000001960 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2020-08-06 17:39 - 2020-08-06 17:39 - 000001948 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2020-08-06 17:39 - 2020-08-06 17:39 - 000000000 ____D C:\Users\Win7\AppData\Local\mbam
2020-08-06 17:39 - 2020-08-06 17:39 - 000000000 ____D C:\ProgramData\Malwarebytes
2020-08-06 17:38 - 2020-08-06 17:38 - 000000000 ____D C:\Program Files\Malwarebytes
2020-08-06 13:45 - 2020-08-06 13:45 - 000000209 _____ C:\Users\Win7\Desktop\Star Conflict.url
2020-08-06 13:44 - 2020-08-06 13:44 - 000000209 _____ C:\Users\Win7\Desktop\Hired Ops.url
2020-08-06 13:32 - 2020-08-06 13:32 - 000000000 ____D C:\Users\Win7\AppData\Local\Steam
2020-08-06 13:31 - 2020-08-06 13:31 - 000000625 _____ C:\Users\Public\Desktop\Steam.lnk
2020-08-06 13:31 - 2020-08-06 13:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2020-08-06 13:26 - 2020-08-06 13:26 - 001573568 _____ C:\Users\Win7\Downloads\SteamSetup.exe
2020-08-06 12:58 - 2020-08-11 23:48 - 000000000 ____D C:\FRST
2020-08-06 12:50 - 2020-08-06 17:57 - 000000004 _____ C:\ProgramData\rc.dat
2020-08-06 12:41 - 2020-08-06 12:41 - 008414384 _____ (Malwarebytes) C:\Users\Win7\Downloads\adwcleaner_8.0.7.exe
2020-08-06 12:24 - 2020-08-06 12:24 - 000000000 ____D C:\Users\Win7\AppData\Local\app
2020-08-06 12:23 - 2020-08-06 12:28 - 000000000 ____D C:\Users\Win7\AppData\Roaming\5tr54vcb15i
2020-08-06 12:23 - 2020-08-06 12:23 - 000000000 ____D C:\Program Files\EWLR3JPR5K
2020-08-06 12:22 - 2020-08-06 17:51 - 000000004 _____ C:\ProgramData\lock.dat
2020-08-06 12:22 - 2020-08-06 17:39 - 000000048 _____ C:\ProgramData\irw.atsd
2020-08-06 12:22 - 2020-08-06 12:22 - 000000008 _____ C:\ProgramData\ts.dat
2020-08-06 12:21 - 2020-08-06 17:57 - 000000000 ____D C:\Users\Win7\AppData\Roaming\rzlcc5xlcwg
2020-08-06 12:21 - 2020-08-06 12:21 - 000000000 ____D C:\Program Files\OTQQFRLI3L
2020-08-06 12:17 - 2020-08-06 17:57 - 000000000 ____D C:\Windows\SysWOW64\sqyjlgrh
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Users\Win7\AppData\Local\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:17 - 000000558 _____ C:\Users\Win7\AppData\Local\bowsakkdestx.txt
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Users\Win7\AppData\Local\4040d079-f2eb-4944-8e54-1c7e0ee6c604
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\SystemID
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\ProgramData\MR02TGA9HNP8YZE3RLY6DN2HT
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\Program Files\I8JQ12YVMS
2020-08-06 12:09 - 2020-08-06 12:09 - 000000000 ____D C:\Users\Win7\AppData\Roaming\FMRTE20
2020-08-06 12:08 - 2020-08-06 12:08 - 009462641 _____ (FMRTE ) C:\Users\Win7\Downloads\FMRTE.20.4.1.38-Setup.exe
2020-07-31 16:08 - 2020-07-31 16:08 - 000000000 ____D C:\Users\Win7\AppData\Roaming\NVIDIA
2020-07-30 19:16 - 2020-08-11 23:46 - 000000000 ____D C:\ProgramData\NVIDIA
2020-07-30 19:16 - 2020-07-30 19:16 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2020-07-30 19:16 - 2020-06-21 23:59 - 005490488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 002634728 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 001759032 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000991032 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000195048 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000122344 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2020-07-30 19:16 - 2020-06-21 23:59 - 000083256 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2020-07-30 19:16 - 2020-06-20 08:22 - 009198787 _____ C:\Windows\system32\nvcoproc.bin
2020-07-30 19:15 - 2020-06-23 01:10 - 034750856 _____ (NVIDIA Corporation) C:\Windows\system32\nvrtum64.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 007976160 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler64.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 007090400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler32.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 001780952 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001780952 _____ C:\Windows\system32\vulkaninfo.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001371352 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2020-07-30 19:15 - 2020-06-23 01:10 - 001086680 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 001086680 _____ C:\Windows\system32\vulkan-1.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000946392 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000946392 _____ C:\Windows\SysWOW64\vulkan-1.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000503176 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000449264 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000419040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2020-07-30 19:15 - 2020-06-23 01:10 - 000346336 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 124472032 _____ (NVIDIA Corporation) C:\Windows\system32\nvoptix.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 041621744 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 035518344 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 031007640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 030256008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl32.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 024180464 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2020-07-30 19:15 - 2020-06-23 01:09 - 001485040 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 001146264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000670616 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000555928 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000427416 _____ C:\Windows\system32\nvofapi64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000378264 _____ C:\Windows\SysWOW64\nvofapi.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000180976 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000166808 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000157936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2020-07-30 19:15 - 2020-06-23 01:09 - 000144792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 040572304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 035440008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler32.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 020025744 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 017355496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 006241680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 005584784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 002075888 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001722088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6445148.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001568664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 001482984 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6445148.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000672136 _____ (NVIDIA Corporation) C:\Windows\system32\nvcbl64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000545688 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2020-07-30 19:15 - 2020-06-23 01:08 - 000471792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 043292312 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 038306136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 024844744 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 020694448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 005295448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2020-07-30 19:15 - 2020-06-23 01:07 - 004617448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 001682368 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 000222112 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2020-07-30 19:15 - 2020-06-22 02:44 - 000054543 _____ C:\Windows\system32\nvinfo.pb
2020-07-30 19:15 - 2020-06-22 02:44 - 000039824 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2020-07-30 19:15 - 2020-06-22 02:44 - 000000671 _____ C:\Windows\SysWOW64\nv-vk32.json
2020-07-30 19:15 - 2020-06-22 02:44 - 000000671 _____ C:\Windows\system32\nv-vk64.json
2020-07-30 19:11 - 2020-08-06 13:34 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2020-07-25 20:57 - 2020-07-25 20:57 - 000000733 _____ C:\Users\Public\Desktop\FM Genie Scout 20.lnk
2020-07-25 20:57 - 2020-07-25 20:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FM Genie Scout 20
2020-07-25 20:56 - 2020-03-27 12:02 - 010297262 _____ ( ) C:\Users\Win7\Downloads\genie20_setup_20.4.1_b1025.exe
2020-07-24 02:19 - 2020-08-03 15:23 - 000000081 _____ C:\Users\Win7\AppData\Local\.bidstack.fault
2020-07-17 15:22 - 2020-07-17 15:22 - 000001124 _____ C:\Users\Win7\Desktop\Play Football Manager 2020.lnk
2020-07-15 05:17 - 2020-07-15 18:17 - 008774200 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerInstaller.exe

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-08-11 23:47 - 2016-11-18 17:52 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\Mozilla
2020-08-11 23:46 - 2009-07-14 07:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-08-11 04:48 - 2016-05-04 22:53 - 000000386 _____ C:\Windows\Tasks\update-sys.job
2020-08-11 02:43 - 2016-05-04 22:53 - 000000386 _____ C:\Windows\Tasks\update-S-1-5-21-4024489933-1853363021-3339780435-1000.job
2020-08-11 02:21 - 2009-07-14 07:13 - 000789866 _____ C:\Windows\system32\PerfStringBackup.INI
2020-08-11 02:21 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\inf
2020-08-10 22:51 - 2016-03-14 02:09 - 000000000 ____D C:\Users\Win7\AppData\Local\CrashDumps
2020-08-10 20:27 - 2016-03-11 14:21 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-08-09 17:37 - 2016-03-18 17:14 - 000000008 __RSH C:\ProgramData\ntuser.pol
2020-08-09 17:30 - 2009-07-14 05:20 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2020-08-09 17:30 - 2009-07-14 05:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2020-08-09 02:34 - 2016-03-11 13:37 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2020-08-07 17:00 - 2019-10-03 16:12 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2020-08-07 03:16 - 2016-03-11 12:49 - 000000000 ____D C:\Users\Win7
2020-08-07 03:15 - 2019-01-23 00:04 - 000000000 ____D C:\CPY_SAVES
2020-08-07 03:14 - 2016-03-13 22:28 - 000000000 ____D C:\Programi)
2020-08-06 17:57 - 2016-03-11 12:50 - 000001447 _____ C:\Users\Win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2020-08-06 17:26 - 2020-02-28 19:33 - 000000000 ____D C:\Users\Win7\AppData\LocalLow\BitTorrent
2020-08-06 17:26 - 2016-03-11 17:32 - 000000000 ____D C:\Users\Win7\AppData\Roaming\BitTorrent
2020-08-06 14:12 - 2009-07-14 07:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2020-08-06 14:10 - 2016-06-14 22:33 - 000000000 ____D C:\Users\Win7\AppData\Local\Sports Interactive
2020-08-06 14:05 - 2016-09-16 02:04 - 000000000 ____D C:\Users\Win7\Documents\My Games
2020-08-06 13:41 - 2017-04-23 16:33 - 000000000 ____D C:\ProgramData\Bohemia Interactive
2020-08-06 12:47 - 2016-03-11 13:45 - 000000000 ____D C:\Program Files\ESET
2020-08-06 12:45 - 2009-07-14 06:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-08-06 12:45 - 2009-07-14 06:45 - 000020640 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-08-06 12:19 - 2018-12-09 04:34 - 000000000 ____D C:\tmp
2020-08-06 12:19 - 2017-04-07 16:14 - 000000000 ____D C:\temp
2020-08-06 12:19 - 2016-06-04 17:04 - 000000000 ____D C:\IExp1.tmp
2020-08-06 12:19 - 2016-06-04 17:04 - 000000000 ____D C:\IExp0.tmp
2020-08-06 12:19 - 2016-03-11 16:19 - 000000000 ____D C:\Programi
2020-08-05 15:08 - 2020-02-07 18:06 - 000004276 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1581091594
2020-08-04 16:34 - 2019-05-23 00:44 - 000000799 _____ C:\Users\Public\Desktop\PotPlayer 64 bit.lnk
2020-07-31 15:06 - 2016-04-24 16:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-07-30 19:16 - 2018-12-01 13:47 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2020-07-30 19:16 - 2018-02-18 18:25 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2020-07-30 19:16 - 2017-10-14 22:37 - 000000000 ____D C:\Users\Win7\AppData\Local\NVIDIA
2020-07-30 19:16 - 2017-10-14 22:36 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2020-07-30 19:14 - 2009-07-14 07:08 - 000032590 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-07-29 10:35 - 2019-12-11 01:57 - 000004044 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1576022251
2020-07-26 11:39 - 2016-03-11 13:12 - 000794080 _____ C:\Users\Win7\AppData\Local\GDIPFONTCACHEV1.DAT
2020-07-26 11:38 - 2009-07-14 06:45 - 006853760 _____ C:\Windows\system32\FNTCACHE.DAT
2020-07-17 09:44 - 2020-02-08 14:24 - 000000000 ____D C:\Users\Win7\Downloads\opera autoupdate
2020-07-15 18:17 - 2020-03-22 16:17 - 000004428 _____ C:\Windows\system32\Tasks\Adobe Flash Player PPAPI Notifier
2020-07-15 18:17 - 2020-03-22 15:36 - 000004282 _____ C:\Windows\system32\Tasks\Adobe Flash Player Updater
2020-07-15 18:17 - 2020-03-22 15:36 - 000000000 ____D C:\Windows\system32\Macromed
2020-07-15 18:17 - 2019-10-17 17:08 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2020-07-15 18:17 - 2019-10-17 17:08 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2020-07-15 05:17 - 2020-03-22 15:36 - 000004416 _____ C:\Windows\system32\Tasks\Adobe Flash Player NPAPI Notifier

==================== Files in the root of some directories ========

2019-12-16 11:58 - 2019-12-18 17:40 - 000056320 _____ (SSS) C:\ProgramData\FinalDeleteFile.exe
2020-08-06 12:22 - 2020-08-06 17:51 - 000000004 _____ () C:\ProgramData\lock.dat
2020-08-06 12:50 - 2020-08-06 17:57 - 000000004 _____ () C:\ProgramData\rc.dat
2020-08-06 12:22 - 2020-08-06 12:22 - 000000008 _____ () C:\ProgramData\ts.dat
2017-04-28 01:56 - 2020-01-14 03:29 - 000000034 _____ () C:\Users\Win7\AppData\Roaming\AdobeWLCMCache.dat
2018-09-14 12:16 - 2018-09-14 12:17 - 000000025 ____H () C:\Users\Win7\AppData\Roaming\uninst48.log
2018-11-18 01:27 - 2018-12-27 22:44 - 000004592 _____ () C:\Users\Win7\AppData\Roaming\VoiceMeeterDefault.xml
2020-07-24 02:19 - 2020-08-03 15:23 - 000000081 _____ () C:\Users\Win7\AppData\Local\.bidstack.fault
2016-10-05 00:03 - 2017-10-14 00:24 - 000001456 _____ () C:\Users\Win7\AppData\Local\Adobe Save for Web 13.0 Prefs
2020-08-06 12:17 - 2020-08-06 12:17 - 000000558 _____ () C:\Users\Win7\AppData\Local\bowsakkdestx.txt
2019-10-12 01:09 - 2019-10-12 01:09 - 000000000 ___SH () C:\Users\Win7\AppData\Local\LumaEmu
2018-09-27 18:00 - 2018-09-27 18:00 - 000000000 _____ () C:\Users\Win7\AppData\Local\oobelibMkey.log
2020-04-29 15:57 - 2020-04-29 15:57 - 000000871 _____ () C:\Users\Win7\AppData\Local\recently-used.xbel
2016-06-14 18:07 - 2019-11-08 02:35 - 000007619 _____ () C:\Users\Win7\AppData\Local\Resmon.ResmonCfg
2018-09-14 12:16 - 2018-09-14 12:17 - 000000025 ____H () C:\Users\Win7\AppData\Local\uninst37.log
2016-05-04 22:53 - 2016-05-04 22:53 - 000000003 _____ () C:\Users\Win7\AppData\Local\updater.log
2016-05-04 22:53 - 2016-05-04 23:08 - 000000059 _____ () C:\Users\Win7\AppData\Local\UserProducts.xml

==================== FLock ==============================

2020-08-06 17:57 C:\Windows\SysWOW64\sqyjlgrh

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\User32.dll
[2010-11-21 05:24] - [2016-03-11 12:49] - 001008640 _____ (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 05:24] - [2016-03-11 12:49] - 000833024 _____ (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE


LastRegBack: 2020-08-06 10:01
==================== End of FRST.txt ========================


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8358
  • Location: Novi Beograd

Finally, somewhat bigger progress. Now let's see whether it will finish the job all the way.

1. Open Notepad (Text Document) and copy the following text from the code box below:

CreateRestorePoint:
C:\Users\Win7\AppData\Local\bowsakkdestx.txt
C:\Users\Win7\AppData\Local\4040d079-f2eb-4944-8e54-1c7e0ee6c604
C:\SystemID
C:\ProgramData\MR02TGA9HNP8YZE3RLY6DN2HT
C:\Program Files\I8JQ12YVMS
C:\Users\Win7\AppData\Roaming\5tr54vcb15i
C:\Program Files\EWLR3JPR5K
C:\ProgramData\lock.dat
C:\ProgramData\irw.atsd
C:\ProgramData\ts.dat
C:\Users\Win7\AppData\Roaming\rzlcc5xlcwg
C:\Program Files\OTQQFRLI3L
C:\Users\Win7\AppData\Local\app
Unlock: C:\Windows\SysWOW64\sqyjlgrh
C:\Windows\SysWOW64\sqyjlgrh
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, at the bottom under File Name:, enter fixlist.txt as the name.
Note: It is important that both files, FRST and fixlist, are in the same location; otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your post.
Note: If the tool warns you that a newer version exists, make sure you download and use the updated copy of FRST.
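
A pre-flight check for the fixlist step above, as an added example that is not part of the thread or of FRST itself: it parses FRST.txt file-listing lines and the fixlist, then reports fixlist paths absent from the log, the creation-time window the listed paths fall in, and other log entries created in that window. The function names are hypothetical, and the embedded inputs are shortened excerpts of the log and fixlist posted in this thread.

```python
import re
from datetime import datetime

# Shortened excerpt of the FRST.txt file listing posted in this thread.
FRST_EXCERPT = r"""
2020-08-06 12:24 - 2020-08-06 12:24 - 000000000 ____D C:\Users\Win7\AppData\Local\app
2020-08-06 12:23 - 2020-08-06 12:23 - 000000000 ____D C:\Program Files\EWLR3JPR5K
2020-08-06 12:22 - 2020-08-06 17:51 - 000000004 _____ C:\ProgramData\lock.dat
2020-08-06 12:21 - 2020-08-06 12:21 - 000000000 ____D C:\Program Files\OTQQFRLI3L
2020-08-06 12:17 - 2020-08-06 17:57 - 000000000 ____D C:\Windows\SysWOW64\sqyjlgrh
2020-08-06 12:17 - 2020-08-06 12:35 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2020-08-06 12:17 - 2020-08-06 12:17 - 000000000 ____D C:\SystemID
2020-08-06 12:08 - 2020-08-06 12:08 - 009462641 _____ (FMRTE ) C:\Users\Win7\Downloads\FMRTE.20.4.1.38-Setup.exe
2020-07-30 19:16 - 2020-06-21 23:59 - 005490488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
"""

# Shortened copy of the fixlist from this thread (same directives, fewer paths).
FIXLIST_EXCERPT = r"""
CreateRestorePoint:
C:\SystemID
C:\Program Files\EWLR3JPR5K
C:\ProgramData\lock.dat
C:\Program Files\OTQQFRLI3L
C:\Users\Win7\AppData\Local\app
Unlock: C:\Windows\SysWOW64\sqyjlgrh
C:\Windows\SysWOW64\sqyjlgrh
EmptyTemp:
"""

# created - modified - size attributes [(vendor)] path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ [_A-Z]{5} (?:\([^)]*\) )?([A-Za-z]:\\.+)$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")

def parse_frst(text):
    """Map lower-cased path -> creation time for every listing line."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries[m.group(2).lower()] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
    return entries

def parse_fixlist(text):
    """Split a fixlist into plain paths and (name, argument) directives."""
    paths, directives = [], []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if PATH_RE.match(line):
            paths.append(line)
        else:  # e.g. "CreateRestorePoint:" or "Unlock: <path>"
            name, _, arg = line.partition(":")
            directives.append((name, arg.strip()))
    return paths, directives

def review(frst_text, fixlist_text):
    """Cross-check fixlist paths against the log before running the fix."""
    log = parse_frst(frst_text)
    paths, directives = parse_fixlist(fixlist_text)
    listed = {p.lower() for p in paths}
    missing = [p for p in paths if p.lower() not in log]  # typo or stale path
    times = [log[p] for p in listed if p in log]
    window = (min(times), max(times)) if times else None
    # Log entries created in the same window that the fixlist does not touch,
    # returned so the analyst can look at them; nothing here judges them.
    unlisted = sorted(p for p, t in log.items()
                      if window and window[0] <= t <= window[1] and p not in listed)
    return {"missing": missing, "window": window,
            "unlisted": unlisted, "directives": directives}
```

A path reported under `missing` usually means a typing error in the fixlist or a log taken before the item existed; either is worth resolving before pressing Fix.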

offline
  • Joined: 28 Oct 2014
  • Posts: 140

This time FRST processed the fixlist without any problems.


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8358
  • Location: Novi Beograd

Excellent. It should be much better now.

Download AdwCleaner and save it to the Desktop.
Double-click to run the program.
In the EULA window, click I agree.
Under Tools, select Options.
In the dialog box that appears, turn off Reset Winsock settings if it is enabled.
Click the Scan button and wait for the scan to finish.
If it tells you that a newer version exists, make sure you download it.

Click the Clean button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
A message will appear saying that the computer needs to be restarted. Click OK.

The computer will restart and then open Notepad (C:\Adwcleaner\AdwCleaner[C0].txt) with the report.
Save that report to the Desktop and attach it to your post using the "Prikači fajl" (Attach file) option.

offline
  • Joined: 28 Oct 2014
  • Posts: 140

It looks like nothing harmful was found, as far as I can see in this log. I did not get the CLEAN option; I got RUN basic repair and Skip Basic repair.


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8358
  • Location: Novi Beograd

The log is clean as a whistle.

Are there any other problems?
